
© Gudmund Grov & Andrew Ireland, Dependable Systems Group

Planning for System Development
Gudmund Grov & Andrew Ireland
Dependable Systems Group, School of Mathematical & Computer Sciences, Heriot-Watt University, Edinburgh

Outline
Proof planning and software development
Event-B and rigorous system development
Research opportunities
A proposal

Theorem Proving (diagram): a conjecture and a theory are given to an automatic theorem prover (proof rules + guidance), which produces proofs.

Proof Planning (diagram): a conjecture and a theory are given to a proof planner driven by proof plans (methods and critics); the planner emits tactics for a proof checker, which produces the proofs. The planner also draws on external tools, program analysis (SPARK) and user interaction.

Proof Plans: A Science of Reasoning (diagram: concrete proofs are abstracted into proof patterns)
Patterns provide guidance in the search for concrete proofs, in particular where proof patching is required.

Proof Planning
Reuse: strategies can be easily ported between proof checkers
Robustness: critics and middle-out reasoning provide flexibility in how proof search is organized
Cooperation: provides a natural level for combining multiple reasoning processes, i.e. complementary techniques compensating for each other's weaknesses

Software Development Applications
Clam-Oyster, lambdaClam: functional program verification, synthesis & transformation; hardware verification
Periwinkle, lambdaClam, Whelk: logic program synthesis
Bertha: imperative program verification & synthesis
SPADEase: verification automation for SPARK
CORE: Cooperative Reasoning for Automatic Software Verification
SEAR: System Evolution via Animation and Reasoning

Automatic Proof Patching
Inductive lemma discovery
Conjecture generalization
Case splitting
Induction rule revision & synthesis
Existential witnesses
Correcting false conjectures
Loop invariant discovery
Frame axiom discovery
Tactic formation via data-mining

Event-B
An approach to systems development which seamlessly combines modelling and reasoning
Developed from the classical B-method for software development
Tackles the problem of volatile requirements by promoting model evolution and reformulation
Event-B tool: Eclipse-based plug-in architecture providing "design-time feedback"
EU projects: RODIN (04-07), DEPLOY (08-12)
Industrial partners: Bosch, Siemens, Space Systems Finland, SAP, Nokia

Event-B
Systems represented as discrete transition systems, using classical logic and set theory
System = Model + Context
– Models contain variables, invariants and events (guards + actions)
– Contexts contain constants, carrier sets and properties
Development of complex systems managed via:
– refinement
– (de-)composition
– generic instantiation

User Interaction & Event-B
Proving:
– autoprover failures
– proof-failure analysis
– existential witnesses
Modelling:
– defining models, refinements, (de-)compositions and generic instantiations
– defining gluing invariants, which link variables between model refinements
– patching models using proof-failure analysis
– selecting refinement patterns

Models and contexts (diagram): a Model (variables, invariants, events) sees a Context (constants, carrier sets, properties).

Development: refinement & (de-)composition (diagram)

Development: generic instantiation (diagram with an "instantiates" arrow)

Abrial's "Cars on a Bridge" Model (diagram)

First Refinement (diagram: mainland, bridge and island with variables a, b, c and the conditions a=0, c=0)

First Refinement (diagram: variables a, b, c)

Second Refinement (diagram: traffic lights 0/1 added; variables a, b, c and the conditions c=0, a=0)

Second Refinement (diagram: traffic lights 0/1; variables a, b, c)

Proof Obligation 1: ML_out preserves inv2_3
Failure analysis: proof obligation unprovable
Proof patch: assume negated premise of goal implication, i.e. simplified to
Model patch 1 (local): strengthen guard:
Model patch 2 (global): strengthen invariant:

Proof Obligation 2: IL_out preserves inv2_4
Failure analysis: proof obligation unprovable
Proof patch: assume negated premise of goal implication, simplified to
Model patch 1 (local): strengthen guard:
Model patch 2 (global): strengthen invariant:

Observations on Model Patching
Both proof-failures suggest the same global patch, i.e. at least one traffic light must always be set to red!
Model patch: inv2_5 is added to the invariant:
Note that proof-analysis gives rise to alternative model patches
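As an added illustration (not from the slides), the following Python sketch checks the invariant-preservation proof obligation for a constructed model in the spirit of the cars-on-a-bridge development; the variables, guards, invariants and the bound D are assumptions, and the check is a bounded enumeration rather than a proof. It reports the kind of failure the slides describe for ML_out and shows that the local patch (a strengthened guard) removes it.

```python
from itertools import product
from typing import Callable, Dict, List, Tuple

State = Dict[str, int]
Event = Tuple[Callable[[State], bool], Callable[[State], State]]

# Constructed toy model inspired by the "cars on a bridge" slides: a = cars on
# the bridge heading to the island, b = cars on the island, c = cars on the
# bridge heading back. The guards, invariants and bound D are assumptions.
D = 2  # capacity of island plus bridge

INVARIANTS: Dict[str, Callable[[State], bool]] = {
    "inv1": lambda s: s["a"] + s["b"] + s["c"] <= D,  # capacity respected
    "inv2": lambda s: s["a"] == 0 or s["c"] == 0,      # bridge is one-way
}

def _upd(s: State, **changes: int) -> State:
    """Return a copy of s with the given variables assigned (an event action)."""
    t = dict(s)
    t.update(changes)
    return t

EVENTS_WEAK: Dict[str, Event] = {
    # ML_out: a car leaves the mainland onto the bridge. Its guard forgets to
    # require c == 0, so a car may enter while cars are coming the other way.
    "ML_out": (lambda s: s["a"] + s["b"] < D, lambda s: _upd(s, a=s["a"] + 1)),
    "ML_in":  (lambda s: s["c"] > 0, lambda s: _upd(s, c=s["c"] - 1)),
    "IL_in":  (lambda s: s["a"] > 0, lambda s: _upd(s, a=s["a"] - 1, b=s["b"] + 1)),
    "IL_out": (lambda s: s["b"] > 0 and s["a"] == 0,
               lambda s: _upd(s, b=s["b"] - 1, c=s["c"] + 1)),
}

# Local model patch: strengthen the guard of ML_out with c == 0.
EVENTS_PATCHED: Dict[str, Event] = dict(EVENTS_WEAK)
EVENTS_PATCHED["ML_out"] = (lambda s: s["a"] + s["b"] < D and s["c"] == 0,
                            EVENTS_WEAK["ML_out"][1])

def check_invariant_preservation(events, invariants, bound=D):
    """Bounded check of the Event-B INV proof obligation: for every state that
    satisfies all invariants and an event's guard, the after-state must satisfy
    every invariant. Returns (event, invariant, before-state) for each failure,
    i.e. the counter-examples a proof-failure analysis would report."""
    failures: List[Tuple[str, str, State]] = []
    for a, b, c in product(range(bound + 1), repeat=3):
        s = {"a": a, "b": b, "c": c}
        if not all(inv(s) for inv in invariants.values()):
            continue  # INV assumes the invariants hold before the event
        for ev_name, (guard, action) in events.items():
            if not guard(s):
                continue
            t = action(s)
            failures.extend((ev_name, inv_name, s)
                            for inv_name, inv in invariants.items() if not inv(t))
    return failures

if __name__ == "__main__":
    print(check_invariant_preservation(EVENTS_WEAK, INVARIANTS))     # ML_out failures
    print(check_invariant_preservation(EVENTS_PATCHED, INVARIANTS))  # []
```

Each reported triple is a before-state in which ML_out's guard holds but its action breaks inv2 (or inv1), which is exactly the information that motivates either strengthening the guard locally or strengthening the invariant globally.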

Proof Obligation 3: ML_out preserves inv2_4
Failure analysis: unprovable case
Model patch: event splitting
First event: (trivial to prove)
Second event:

Example proof 4: ML_out_2 preserves inv2_4
Note: guard cannot be updated by since it already contains
Model patch: update action, i.e.

Observations
Proof-failure analysis plays a central role in developing systems within Event-B
Overcoming proof-failures typically involves patching models, e.g. invariant strengthening, modifying events (guards & actions)
Strong interplay between modelling and proving: "A program [model] and its proof should be developed [planned] hand-in-hand, with the proof [plan] usually leading the way" ("The Science of Programming", Gries, '81)
No automation for proof-failure analysis and patching, i.e. currently hand-crafted by users

Observations
Proof-failure analysis plays a central role in developing systems within Event-B
Overcoming proof-failures typically involves patching models, e.g. invariant strengthening, modifying events (guards & actions)
Event-B promotes strong interplay between modelling and proving
No automation for proof-failure analysis and patching, i.e. currently hand-crafted by users

Opportunities
Proving:
– Increasing proof automation with the Event-B tool: proving invariants, refinements, generic instantiations
  Reuse, reformulation & learning strategies (tactic formation)
  Proof by mathematical induction (Rodin toolset roadmap includes inductive data types)
  Existential witnessing
– Proof patching: invariants, generalizations and lemmas
Modelling & Proving:
– Exploiting the interplay between proving and modelling, i.e. use proof-failure analysis to inform model patching
– Discovering gluing invariants
– Build upon existing refinement patterns

Planning for Event-B
Proof plans represent common patterns of reasoning
Model plans represent common patterns of development?

Planning for Event-B (architecture diagram of the Event-B tool components: Event-B MUI, Event-B PUI, Event-B POG, Event-B POM, Event-B SEQP, Event-B SC, ProB)

Planning for Event-B (architecture diagram: a Proof Planner is added alongside Event-B MUI, Event-B PUI, Event-B POG, ProB, Event-B POM, Event-B SEQP, Event-B SC)

Planning for Event-B (architecture diagram: a Model Planner is added alongside the Proof Planner, Event-B MUI, Event-B POG, ProB, Event-B POM, Event-B SEQP, Event-B SC)

Planning for Event-B (architecture diagram: a UML-B MUI is added alongside the Proof Planner, Model Planner, Event-B MUI, Event-B POG, ProB, Event-B POM, Event-B SEQP, Event-B SC)

Planning for Event-B: Proposal
Develop a proof planning plug-in
Reuse and develop new proof plans which increase proof automation
Investigate the idea of model planning via the development of a plug-in
Through the development of proof and model plans, investigate the interplay between proving and modelling, e.g. how proof-failure analysis informs model reformulation and evolution

Conclusion
Event-B: a mature technology for developing complex systems
Open architecture where the interplay between modelling and proving is taken seriously
Opportunities for model and proof planning:
– Engineering: raise the level at which a developer works, focusing on high-level modelling decisions
– Science: deepen our understanding of the relation between modelling and proof, a science of rigorous modelling!